VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-um4b-36qj-g7fm

Essentials
Severities (26)
References (20)
Severity details (7)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-um4b-36qj-g7fm
Aliases	CVE-2024-45492
Summary	An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
Status	Published
Exploitability	0.5
Weighted Severity	8.8
Risk	4.4
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-190

Integer Overflow or Wraparound

System	Score	Found at
cvssv3	6.2	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45492.json
epss	0.00225	https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss	0.00225	https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss	0.00225	https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss	0.00225	https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss	0.00225	https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss	0.00225	https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss	0.00225	https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss	0.00225	https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss	0.00225	https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss	0.00225	https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss	0.00225	https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss	0.00225	https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss	0.00225	https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss	0.00225	https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss	0.00232	https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss	0.00232	https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss	0.00232	https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss	0.00232	https://api.first.org/data/v1/epss?cve=CVE-2024-45492
epss	0.00232	https://api.first.org/data/v1/epss?cve=CVE-2024-45492
cvssv3.1	6.2	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	7.3	https://github.com/libexpat/libexpat/issues/889
ssvc	Track	https://github.com/libexpat/libexpat/issues/889
cvssv3.1	7.3	https://github.com/libexpat/libexpat/pull/892
ssvc	Track	https://github.com/libexpat/libexpat/pull/892
cvssv3.1	9.8	https://nvd.nist.gov/vuln/detail/CVE-2024-45492

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45492.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-45492
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45492
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://security.netapp.com/advisory/ntap-20241018-0005/
1080152		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080152
2308617		https://bugzilla.redhat.com/show_bug.cgi?id=2308617
889		https://github.com/libexpat/libexpat/issues/889
892		https://github.com/libexpat/libexpat/pull/892
cpe:2.3:a:libexpat_project:libexpat::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libexpat_project:libexpat::::::::
CVE-2024-45492		https://nvd.nist.gov/vuln/detail/CVE-2024-45492
RHSA-2024:10135		https://access.redhat.com/errata/RHSA-2024:10135
RHSA-2024:11109		https://access.redhat.com/errata/RHSA-2024:11109
RHSA-2024:6754		https://access.redhat.com/errata/RHSA-2024:6754
RHSA-2024:6989		https://access.redhat.com/errata/RHSA-2024:6989
RHSA-2024:7213		https://access.redhat.com/errata/RHSA-2024:7213
RHSA-2024:7599		https://access.redhat.com/errata/RHSA-2024:7599
RHSA-2024:9610		https://access.redhat.com/errata/RHSA-2024:9610
USN-7000-1		https://usn.ubuntu.com/7000-1/
USN-7000-2		https://usn.ubuntu.com/7000-2/

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-45492.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/libexpat/libexpat/issues/889

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-30T13:53:05Z/ Found at https://github.com/libexpat/libexpat/issues/889

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/libexpat/libexpat/pull/892

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-08-30T13:53:05Z/ Found at https://github.com/libexpat/libexpat/pull/892

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-45492

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.45234
EPSS Score	0.00225
Published At	Aug. 4, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:31:18.656957+00:00	Alpine Linux Importer	Import	https://secdb.alpinelinux.org/v3.20/community.json	37.0.0